In my last post, I showed you how to display and find specific events with the Get-WinEvent cmdlet. Although you can easily filter event messages with the Where-Object cmdlet, using the Data key of the FilterHashtable parameter is much faster.
Contents of this article
– Measuring the speed difference
– Raw data structure of an event
– Displaying only events for a specific account
– Displaying only events for a specific IP address and a specific port